From e961d5db605e700519edb84456b003c7886e8f1e Mon Sep 17 00:00:00 2001
From: Henry N <henrynmail-github@yahoo.de>
Date: Tue, 31 Mar 2020 17:15:46 +0200
Subject: [PATCH] unbound IPv6 listen and access-control

Add IPv6 interface (listen), access-control and private-address into /etc/unbound/openvpn.conf
---
 openvpn-install.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index 3acb443..679ea71 100755
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -157,10 +157,17 @@ prefetch: yes' >> /etc/unbound/unbound.conf
 	qname-minimisation: yes
 	prefetch: yes' > /etc/unbound/unbound.conf
 		fi
+		
+		# IPv6 DNS for all OS
+		if [[ "$IPV6_SUPPORT" == 'y' ]]; then
+			echo 'interface: fd42:42:42:42::1
+access-control: fd42:42:42:42::/112 allow' >> /etc/unbound/unbound.conf
+		fi
 
 		if [[ ! "$OS" =~ (fedora|centos|amzn) ]];then
 			# DNS Rebinding fix
 			echo "private-address: 10.0.0.0/8
+private-address: fd42:42:42:42::/112
 private-address: 172.16.0.0/12
 private-address: 192.168.0.0/16
 private-address: 169.254.0.0/16
@@ -181,6 +188,7 @@ hide-version: yes
 use-caps-for-id: yes
 prefetch: yes
 private-address: 10.0.0.0/8
+private-address: fd42:42:42:42::/112
 private-address: 172.16.0.0/12
 private-address: 192.168.0.0/16
 private-address: 169.254.0.0/16
@@ -188,6 +196,10 @@ private-address: fd00::/8
 private-address: fe80::/10
 private-address: 127.0.0.0/8
 private-address: ::ffff:0:0/96' > /etc/unbound/openvpn.conf
+		if [[ "$IPV6_SUPPORT" == 'y' ]]; then
+			echo 'interface: fd42:42:42:42::1
+access-control: fd42:42:42:42::/112 allow' >> /etc/unbound/unbound.conf
+		fi
 	fi
 
 		systemctl enable unbound